pktsurf/smlinux
1
1
Fork 0
Code Issues 1 Pull requests Wiki Activity

Security upgrade - base/expat - to 2.4.5

Browse source 
Security fix for net/php 7.4.26
This commit is contained in:
SMLinux 2022-02-20 14:18:17 +05:30
parent e9facc22a4
commit 0db4d069b0
3 changed files with 62 additions and 3 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

4
base/expat/expat.SMBuild
View file

@ -1,5 +1,5 @@
app=expat
version=2.2.9
version=2.4.5
build=1sml
homepage='https://libexpat.github.io/'
download='https://github.com/libexpat/libexpat/releases/download/R_2_2_9/expat-2.2.9.tar.xz'
@ -27,5 +27,5 @@ build() {
}
sha512sums="
85232a37d6b3b7aed0c16bbe30644c23faf80180d2e6c470fc60eb9e3da7fb4a315e9c97f02c5e8bbbd7e051a4e192d691763c228e388ece2ce96e1f4cb3588b expat-2.2.9.tar.lz
17480d0634b66bc2873897353d94b0c623e2a9a362cabe50f66adb62d5541b0f7bc4e2d3110124c4a1e14498e4db2c582a600e12234ebf91eeffe222f5dee44a expat-2.4.5.tar.lz
"

57
net/php/cve-2021-21708.patch Normal file
View file

@ -0,0 +1,57 @@
From 6fc79c90a07672992b39d8d4fc95ad4023f751ae Mon Sep 17 00:00:00 2001
From: "Christoph M. Becker" <cmbecker69@gmx.de>
Date: Mon, 31 Jan 2022 15:43:24 +0100
Subject: [PATCH] Fix #81708: UAF due to php_filter_float() failing for ints
We must only release the zval, if we actually assign a new zval.
---
ext/filter/logical_filters.c | 2 +-
ext/filter/tests/bug81708.phpt | 20 ++++++++++++++++++++
2 files changed, 21 insertions(+), 1 deletion(-)
create mode 100644 ext/filter/tests/bug81708.phpt
diff --git a/ext/filter/logical_filters.c b/ext/filter/logical_filters.c
index fa6ae65ac5..e5e87c0156 100644
--- a/ext/filter/logical_filters.c
+++ b/ext/filter/logical_filters.c
@@ -435,10 +435,10 @@ void php_filter_float(PHP_INPUT_FILTER_PARAM_DECL) /* {{{ */
switch (is_numeric_string(num, p - num, &lval, &dval, 0)) {
case IS_LONG:
- zval_ptr_dtor(value);
if ((min_range_set && (lval < min_range)) || (max_range_set && (lval > max_range))) {
goto error;
}
+ zval_ptr_dtor(value);
ZVAL_DOUBLE(value, (double)lval);
break;
case IS_DOUBLE:
diff --git a/ext/filter/tests/bug81708.phpt b/ext/filter/tests/bug81708.phpt
new file mode 100644
index 0000000000..d0036af136
--- /dev/null
+++ b/ext/filter/tests/bug81708.phpt
@@ -0,0 +1,20 @@
+--TEST--
+Bug #81708 (UAF due to php_filter_float() failing for ints)
+--SKIPIF--
+<?php
+if (!extension_loaded("filter")) die("skip filter extension not available");
+?>
+--INI--
+opcache.enable_cli=0
+--FILE--
+<?php
+$input = "+" . str_repeat("1", 2); // avoid string interning
+filter_var(
+ $input,
+ FILTER_VALIDATE_FLOAT,
+ ["options" => ['min_range' => -1, 'max_range' => 1]]
+);
+var_dump($input);
+?>
+--EXPECT--
+string(3) "+11"
--
2.35.1.windows.1

4
net/php/php.SMBuild
View file

@ -1,7 +1,7 @@
app=php
version=7.4.26
rrdversion=2.0.3
build=1sml
build=2sml
homepage="https://www.php.net/"
download="https://www.php.net/distributions/php-7.4.26.tar.xz"
desc="Scripting language suited for creating dynamic websites"
@ -22,6 +22,8 @@ build() {
cd ..
./buildconf -f
patch -p1 < $srcdir/cve-2021-21708.patch
./configure \
--prefix="" \
--sysconfdir=/etc/php \